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REMARKS 

The Office Action mailed December 3, 2004 has been carefully reviewed and the 
foregoing amendment and following remarks are made in consequence thereof. 

Claims 1-16 are now pending in this application. Claims 1-16 stand rejected. 

The rejection of Claims 1 and 5 under 35 U.S.C. § 112, first paragraph, is 
respectfully traversed. Applicants respectfully submit that Claims 1 and 5 comply with the 
written description requirement. Specifically, "retrieving from the centralized database, an 
exception access rule including pre-established criteria. . .applying the exception access rule 
to the completed request for quick approval... automatically approving access based on the 
exception access rule", recited in Claims 1 and 5, are illustrated in the specification at least at 
paragraph [0043], lines 3- 4, which describe: 

After a user requests access , after logging onto UPMS 10, the 
system determines whether the user is permitted access after 
completing an evaluation based on Hard Exclusive Rules 262, 
Application Rules 264, Exception Access Rules 266 , and 
Exception Access List 268. During the evaluation process, the 
system retrieves the information from eProfile Storage 270 and 
submits any new information to eProfile Storage 270, as required. 
If the user is approved based on an evaluation of Application 
Rules 264, Exception Access Rules 266, and Exception Access 
List 268, the user is permitted access 274. If access is denied, a 
message informing such restriction is conveyed to the user 
through a Message Box 272, and the user is notified 276. 

The specification further describes at paragraph [0042], lines 7-13 that: 

If the user is denied access, a decision for quick request 238 is 
explored by the system. If the user desires not to pursue quick 
request 238, the user is directed to eProfile application 240 or the 
user can skip 242 the entire process by exiting from the 
application. If the user decided to pursue quick request 238, user 
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completes a request for approval 244 which is subjected to an 
internal exception access process 246 . If the user is approved 
based on pre-established criteria, the user is notified of the 
approval 248, 

Applicants respectfully submit that such a description would reasonably convey to 
one of skill in the art, at the time the invention was filed an exception access rule including 
pre-established criteria, applying the exception access rule to the completed request for quick 
approval, and automatically approving access based on the exception access rule. 

For the reasons set forth above, Applicants respectfully request that the Section 112 
rejection of Claims 1 and 5 be withdrawn. 

The rejection of Claim 16 under 35 U.S.C. § 101 as being directed to non-statutory 
subject matter is respectfully traversed. Claim 16 has been amended to recite "[a] computer- 
implemented database configured to be protected from access by unauthorized individuals by 
managing user and data profiles by an administrator, said database providing access to users 
based on pre-determined rules and criteria further comprising... pre-established criteria data 
developed from access rules and criteria including at least one of Rule Based Access 
guidelines, Group Based Access guidelines, Search & Subscribe Utilities guidelines, Active 
Positioning Monitoring guidelines, Hard Exclusion Rules guidelines, and Access Audits 
guidelines... applications data, including system administrator defined attributes that cross- 
references the applications profile data against unique identifiers... user data, that includes a 
user's organization and citizenship, that cross-references the users profile data against unique 
identifiers... pre-determined rules and methodologies data that facilitates accurate user access 
decision making." Applicants respectfully submit that the database is tangibly embodied as a 
computer-implemented database and that the data elements are positively recited in the 
amended claim. Accordingly, Applicant submits that Claim 16 satisfies the requirements of 
Section 101. 

For at least the reasons set forth above, Applicant respectfully requests that the 
Section 101 rejection of Claim 16 be withdrawn. 
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The rejection of Claims 1 and 3-4 under 35 U.S.C. § 103 as being unpatentable over 
Kraenzel (U.S. Pat No. 6,513,039) in view of Behera (U.S. Pat. No. 6,535,879) is 
respectfully traversed. 

Kraenzel describes a system for generating a profile of a network user based on an 
access control list of the network that is based on objects accessible by the user. The system 
also generates a user profile based on a user's object access privileges, generates a user profile 
based on user affinities, generates a user profile that enables users to select which user 
affinities are inserted into the profile, and generates a user profile that enables users to edit 
the profile. The system accesses a database containing one or more objects requested by a 
user, and retrieves the user's access privileges for the object(s) requested. If the user's access 
privileges meet the minimum requirements set by the object administrator, the system 
retrieves the requested object and presents the object(s) to the user. If, the user's access 
privileges do not meet the minimum requirements set by a system administrator for that 
object(s), the user may request additional privileges from the system administrator. If 
additional privileges are granted, the system retrieves and presents the requested object to the 
user. Notably, Kraenzel describes that the approval for access comes from a system 
administrator and does not describe automatically approving access based on an exception 
access rule. 

Behera describes an access control via properties system that provides Access Control 
List (ACL) rules that are structured such that the ACL rules indicate the attributes that the 
administrator has selected for user access and specifies the type of access to be granted to a 
user which can include: read, write, or any other privileges that the system supports. The 
desired attributes that the user must have to be granted such access is also listed along with 
the attribute fieldname associated with the desired attributes. The directory server will match 
the desired attributes within the specified attribute fieldname with the user's attributes and 
allows access to the directory entry only if the user has the desired attribute values. 
Alternatively, a match function can be specified for the desired attributes where the directory 
server matches the desired attributes with the user and the owner of the list of attributes and 
allows access to the directory entry only if the both the user and the owner have the desired 
attribute values. When a user accesses a directory entry, the directory server selects and 
analyzes a specific access control command according to the attribute being accessed. 
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Claim 1 recites a method for providing access to users based on user profiles and 
using a web-based system that includes a server system coupled to a centralized interactive 
database and at least one client system wherein the method includes "creating an electronic 
profile for a user within a centralized database... creating an electronic profile for data within 
the centralized database... establishing pre-determined rules and methodology for user 
access... making a decision with reference to the user access after completing an evaluation 
based on the electronic profiles, pre-determined rules, and operating methodology in response 
to a request from the user for access... if the user is denied access, prompting the user to 
complete a request for quick approval... retrieving, from the centralized database, an 
exception access rule including pre-established criteria... applying the exception access rule 
to the completed request for quick approval... automatically approving access based on the 
exception access rule." 

Neither Kraenzel nor Behera, considered alone or in combination, describe or suggest 
a method for providing access to users based on user profiles that includes creating an 
electronic profile for a user within a centralized database, creating an electronic profile for 
data within the centralized database, establishing pre-determined rules and methodology for 
user access, making a decision with reference to the user access after completing an 
evaluation based on the electronic profiles, pre-determined rules, and operating methodology 
in response to a request from the user for access, if the user is denied access, prompting the 
user to complete a request for quick approval, retrieving, from the centralized database, an 
exception access rule including pre-established criteria, applying the exception access rule to 
the completed request for quick approval, automatically approving access based on the 
exception access rule. More specifically, neither Kraenzel nor Behera, considered alone or in 
combination, describe or suggest a method that includes prompting the user to complete a 
request for quick approval, retrieving, from the centralized database, an exception access rule 
including pre-established criteria, applying the exception access rule to the completed request 
for quick approval, automatically approving access based on the exception access rule. 
Rather, in contrast to the present invention, Kraenzel describes at Column 4, lines 31-35, that 
"step 156 determines that the user's access privileges do not meet the minimum requirements 
set by a system administrator for that object(s), step 162 determines whether the user has 
requested additional privileges from the system administrator ." Kraenzel further describes a 
system administrator as the object author or manager and that it is the system administrator 
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that may change the level of access privileges assigned to particular users at any given time. 
Kraenzel also describes if additional privileges are granted by the system administrator, the 
level of access privileges assigned to the user is updated and the requested object may be 
retrieved and presented to the user. Behera describes an access control via properties system 
that allows access to the directory entry only if the user has the desired attribute values. 
However no combination of Kraenzel and Behera describes or suggests prompting the user to 
complete a request for quick approval, retrieving, from the centralized database, an exception 
access rule including pre-established criteria, applying the exception access rule to the 
completed request for quick approval, and automatically approving access based on the 
exception access rule. 

Applicants respectfully traverse the assertion in the Office Action at page 7, lines 10- 
12, that "step 154 of FIG. 3 teaches that access privileges have to be retrieved from the 
database(Col. 4. Lines 25-26). ..[t]hus, additional privilege, obviously, has to be retrieved 
from the database also." This assertion is in contrast with Kraenzel that describes that 
additional privileges are not retrieved from a database, but rather are granted by the system 
administrator, which is the object author or manager. 

Further, Kraenzel and Behera both describe modifying an ACL to update access 
privileges, Kraenzel describes using a user affinity determined by a user affinity object, and 
Behera describes using user attributes matched against desired attributes. Accordingly, no 
motivation exists combine Behera and Kraenzel because the combination would make either 
or both of the patented methods described inoperable. Accordingly, no reasonable likelihood 
of success has been shown. For at least the reasons above, Applicants respectfully submit 
that Claim 1 is patentable over Kraenzel in view of Behera. 

Claims 3 and 4 depend from independent Claim 1, which is submitted to be in 
condition for allowance. When the recitations of Claims 3 and 4 are considered in 
combination with the recitations of Claim 1 , Applicants submit that dependent Claims 3 and 
4 are also patentable over Kraenzel in view of Behera. 

Notwithstanding the above, the rejection of Claims 1, 3, and 4 under 35 U.S.C. § 
103(a) as being unpatentable over Kraenzel in view of Behera is further traversed on the 
grounds that the Section 103 rejection of the presently pending claims is not a proper 
rejection. Obviousness cannot be established by merely suggesting that it would have been 
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obvious to one of ordinary skill in the art to modify the method of Kraenzel by applying the 
access rules to the ACL as taught by Behera. More specifically, as is well established, 
obviousness cannot be established by combining the teachings of the cited art to produce the 
claimed invention, absent some teaching, suggestion, or incentive supporting the 
combination. Rather, the present Section 103 rejection appears to be based on a combination 
of teachings selected from multiple patents in an attempt to arrive at the claimed invention. 
Specifically, Kraenzel is cited for its teaching of a method for generating a profile of a 
network user based on a user's access privileges stored in an access control list, and Behera is 
merely cited for its teaching of a method to control access via properties system by providing 
ACL rules based on properties associated with the entries. Since there is no teaching nor 
suggestion in the cited art for the claimed combination, the Section 103 rejection appears to 
be based on a hindsight reconstruction in which isolated disclosures have been picked and 
chosen in an attempt to deprecate the present invention. Of course, such a combination is 
impermissible, and for this reason alone, Applicants respectfully request that the Section 103 
rejection be withdrawn. 

Furthermore, in contrast to the assertion within the Office Action, Applicants 
respectfully submit that it would not be obvious to one skilled in the art to combine Kraenzel 
with Behera because there is no motivation to combine the references suggested in the art. 
Rather, the Examiner has not pointed to any prior art that teaches or suggests to combine the 
disclosures, other than Applicants' own teaching. Only the conclusory statement "[i]t would 
have been obvious to one of ordinary skill in the art at the time the invention was made to 
modify the Kraenzel method by applying the access rules to the ACL as taught by Behera in 
order to grant access to a user or a group to a particular attribute object in the database," 
suggests combining the disclosures. 

As the Federal Circuit has recognized, obviousness is not established merely by 
combining references having different individual elements of pending claims. Ex parte 
Levengood, 28 U.S.P.Q.2d 1300 (Bd. Pat. App. & Inter. 1993). MPEP 2143.01. Rather, 
there must be some suggestion, outside of Applicants' disclosure, in the prior art to combine 
such references, and a reasonable expectation of success must be both found in the prior art, 
and not based on Applicants' disclosure. In re Vaeck , 20 U.S.P.Q.2d 1436 (Fed. Cir. 1991). 
In the present case, neither a suggestion or motivation to combine the prior art disclosures, 
nor any reasonable expectation of success has been shown. 
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For at least the reasons set forth above, Applicants respectfully request that the 
Section 103 rejection of Claims 1, 3, and 4 be withdrawn. 

The rejection of Claim 2 under 35 U.S.C. § 103 as being unpatentable over Kraenzel 
(U.S. Pat. No. 6,513,039) in view of Behera (U.S. Pat. No. 6,535,879), CERN 
[Administrative Information Services, Oracle HR] and Lillibridge (U.S. Pat. No. 6,195,698) 
is respectfully traversed. 

Kraenzel and Behera are described above. CERN is a hardcopy of a webpage dated 
9/29/03 that lists the major functions of Oracle*HR as: personal information management, 
assignments (contracts) management, recruitment management, payroll elements 
management, absence entitlement management, career management, management of official 
documents, access rights, etc., and structures management (divisions, experiments), etc. 
Notably CERN does not describe nor suggest creating an electronic profile. 

Lillibridge describes a computerized access request method wherein a server 
computer receives an access request from a client computer. The server computer generates a 
predetermined number of random characters that are used to form a string in the server 
computer. The string is randomly modified either visually or audibly to form a riddle. The 
original string is the correct answer to the riddle. The server computer renders the riddle on 
an output device of the client computer, and the client computer sends an answer to the 
server. The server determines if the guess is the correct answer, and if so, the access request 
is accepted. 

Claim 1 recites a method for providing access to users based on user profiles and 
using a web-based system that includes a server system coupled to a centralized interactive 
database and at least one client system wherein the method includes "creating an electronic 
profile for a user within a centralized database. . .creating an electronic profile for data within 
the centralized database... establishing pre-determined rules and methodology for user 
access... making a decision with reference to the user access after completing an evaluation 
based on the electronic profiles, pre-determined rules, and operating methodology in response 
to a request from the user for access... if the user is denied access, prompting the user to 
complete a request for quick approval... retrieving, from the centralized database, an 
exception access rule including pre-established criteria... applying the exception access rule 
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to the completed request for quick approval... automatically approving access based on the 
exception access rule." 

None of Kraenzel, Behera, CERN, nor Lillibridge, considered alone or in 
combination, describe or suggest a method for providing access to users based on user 
profiles that includes creating an electronic profile for a user within a centralized database, 
creating an electronic profile for data within the centralized database, establishing pre- 
determined rules and methodology for user access, making a decision with reference to the 
user access after completing an evaluation based on the electronic profiles, pre-determined 
rules, and operating methodology in response to a request from the user for access, if the user 
is denied access, prompting the user to complete a request for quick approval, retrieving, 
from the centralized database, an exception access rule including pre-established criteria, 
applying the exception access rule to the completed request for quick approval, automatically 
approving access based on the exception access rule. 

More specifically, no combination of Kraenzel, Behera, CERN, and Lillibridge 
describes or suggests a method that includes prompting the user to complete a request for 
quick approval, retrieving, from the centralized database, an exception access rule including 
pre-established criteria, applying the exception access rule to the completed request for quick 
approval, automatically approving access based on the exception access rule. 

Rather, in contrast to the present invention, Kraenzel describes at Column 4, lines 31- 
35, that "step 156 determines that the user's access privileges do not meet the minimum 
requirements set by a system administrator for that object(s), step 162 determines whether the 
user has requested additional privileges from the system administrator ." Kraenzel further 
describes a system administrator as the object author or manager and that it is the system 
administrator that may change the level of access privileges assigned to particular users at 
any given time. Kraenzel also describes if additional privileges are granted by the system 
administrator, the level of access privileges assigned to the user is updated and the requested 
object may be retrieved and presented to the user. Moreover, Behera describes an access 
control via properties system that allows access to the directory entry only if the user has the 
desired attribute values, CERN describes an Oracle Human Resources application used at 
CERN but, does not describe nor suggest creating an electronic profile, and Lillibridge 
describes generating a riddle and waiting for a predetermined amount of time for a correct 
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response from a client system. Accordingly, none of Kraenzel, Behera, CERN, nor 
Lillibridge considered alone or in combination, describe or suggest prompting the user to 
complete a request for quick approval, retrieving, from the centralized database, an exception 
access rule including pre-established criteria, applying the exception access rule to the 
completed request for quick approval, automatically approving access based on the exception 
access rule. Accordingly, Applicants respectfully submit that Claim 1 is patentable over 
Kraenzel in view of Behera, CERN, and Lillibridge. 

Claim 2 depends from independent Claim 1, which is submitted to be in condition for 
allowance. When the recitations of Claim 2 are considered in combination with the 
recitations of Claim 1, Applicants submit that dependent Claim 2 is also patentable over 
Kraenzel in view of Behera, CERN, and Lillibridge . 

Notwithstanding the above, the rejection of Claim 2 under 35 U.S.C. § 103(a) as 
being unpatentable over Kraenzel in view of Behera, CERN, and Lillibridge is further 
traversed on the grounds that the Section 103 rejection of the presently pending claims is not 
a proper rejection. Obviousness cannot be established by merely suggesting that it would 
have been obvious to one of ordinary skill in the art to modify the methods of Kraenzel and 
Behera by using information from OHR Application and RFCA Application. Specifically, as 
is well established, obviousness cannot be established by combining the teachings of the cited 
art to produce the claimed invention, absent some teaching, suggestion, or incentive 
supporting the combination. Rather, the present Section 103 rejection appears to be based on 
a combination of teachings selected from multiple patents in an attempt to arrive at the 
claimed invention. More specifically, Kraenzel is cited for its teaching of a method for 
generating a profile of a network user based on a user's access privileges stored in an access 
control list, Behera is merely cited for its teaching of a method to control access via 
properties system by providing ACL rules based on properties associated with the entries, 
CERN is cited for teaching an OHR application, and Lillibridge is cited for teaching a RFCA 
Application. Since there is no teaching nor suggestion in the cited art for the claimed 
combination, the Section 103 rejection appears to be based on a hindsight reconstruction in 
which isolated disclosures have been picked and chosen in an attempt to deprecate the present 
invention. Of course, such a combination is impermissible, and for this reason alone, 
Applicants respectfully request that the Section 103 rejection be withdrawn. 
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Furthermore, in contrast to the assertion within the Office Action, Applicants 
respectfully submit that it would not be obvious to one skilled in the art to combine Kraenzel 
with Behera because there is no motivation to combine the references suggested in the art. 
Rather, the Examiner has not pointed to any prior art that teaches or suggests to combine the 
disclosures, other than Applicants' own teaching. Only the conclusory statement "[i]t would 
have been obvious to one of ordinary skill in the art to modify the Kraenzel and Behera 
method by using information from OHR Application and RFCA Application to build the 
electronic profile in order to distribute object to a user or a group via IP address," suggests 
combining the disclosures. 

As the Federal Circuit has recognized, obviousness is not established merely by 
combining references having different individual elements of pending claims. Ex parte 
Levengood, 28 U.S.P.Q.2d 1300 (Bd. Pat. App. & Inter. 1993). MPEP 2143.01. Rather, 
there must be some suggestion, outside of Applicants 5 disclosure, in the prior art to combine 
such references, and a reasonable expectation of success must be both found in the prior art, 
and not based on Applicants' disclosure. In re Vaeck . 20 U.S.P.Q.2d 1436 (Fed. Cir. 1991). 
In the present case, neither a suggestion nor motivation to combine the prior art disclosures, 
nor any reasonable expectation of success has been shown. 

For at least the reasons set forth above, Applicants respectfully request that the 
Section 103 rejection of Claim 2 be withdrawn. 

The rejection of Claims 5-14 under 35 U.S.C. § 103 as being unpatentable over 
Kraenzel (U.S. Pat. No. 6,513,039) is respectfully traversed. 

Applicant respectfully submits that the Section 103 rejection of Claims 5-14 is not a 
proper rejection. The mere assertion that such an apparatus would have been obvious to one 
of ordinary skill in the art does not support a prima facie obvious rejection. Rather, each 
allegation of what would have been an obvious matter of design choice must always be 
supported by citation to some reference work recognized as standard in the pertinent art, and 
the Applicant given an opportunity to challenge the correctness of the assertion or the repute 
of the cited reference. Applicant has not been provided with the citation to any reference 
supporting the modification made in the rejection. The rejection, therefore, fails to provide 
the Applicant with a fair opportunity to respond to the rejection, and fails to provide the 
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Applicant with the opportunity to challenge the correctness of the rejection. Therefore, 
Applicant respectfully request that the Section 103 rejection be withdrawn. 

Moreover, Applicant respectfully submits that obviousness cannot be established by 
merely suggesting that it would have been an obvious to one of ordinary skill in the art to 
modify Kraenzel. More specifically, it is respectfully submitted that a prima facie case of 
obviousness has not been established. As explained by the Federal Circuit, "to establish 
obviousness based on a combination of the elements disclosed in the prior art, there must be 
some motivation, suggestion or teaching of the desirability of making the specific 
combination that was made by the applicant." In re Kotzab . 54 USPQ2d 1308, 1316 (Fed. 
Cir. 2000). MPEP 2143.01. 

Moreover, the Federal Circuit has determined that: 

[I]t is impermissible to use the claimed invention as an 
instruction manual or "template" to piece together the teachings 
of the prior art so that the claimed invention is rendered 
obvious. This court has previously stated that "[o]ne cannot 
use hindsight reconstruction to pick and choose among isolated 
disclosures in the prior art to deprecate the claimed invention." 
In re Fitch . 23 USPQ2d 1780, 1784 (Fed. Cir. 1992). 

Further, under Section 103, "it is impermissible ... to pick and choose from any one 
reference only so much of it as will support a given position, to the exclusion of other parts 
necessary to the full appreciation of what such reference fairly suggests to one of ordinary 
skill in the art." In re Wesslau , 147 USPQ 391, 393 (CCPA 1965). Rather, there must be 
some suggestion, outside of Applicant's disclosure, in the prior art to combine such 
references, and a reasonable expectation of success must be both found in the prior art, and 
not based on Applicant's disclosure. In re Vaeck , 20 U.S.P.Q.2d 1436 (Fed. Cir. 1991). 

In the present case, neither a suggestion nor motivation to modify the cited art, nor 
any reasonable expectation of success has been shown. Rather, because there is no teaching 
nor suggestion in the cited art for the claimed modification, the Section 103 rejection appears 
to be based on a hindsight reconstruction in which isolated portions of Kraenzel have been 
picked and chosen in an attempt to deprecate the present invention. Of course, such a 
combination is impermissible, and for this reason alone, Applicant requests that the Section 
103 rejection of Claims 5-14 be withdrawn. 
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Further, and to the extent understood, Kraenzel does not describe nor suggest the 
claimed modification, and as such, the presently pending claims are patentably 
distinguishable from Kraenzel. Specifically, Claim 5 recites a method for managing user 
profile information, including managing access control to applications and data by 
implementing a level of security across the different applications that is the same for each 
application, using a web-based system that includes a server system coupled to a centralized 
interactive database and at least one client system wherein the method includes "providing 
capabilities for a user to request access to information that the user currently does not have 
access to... tracking a status of the request using a tracking component coupled to the 
centralized interactive database... obtaining a decision from an owner of the data 
requested. . .if the decision is access approval, adding at least one of a rule and the user to the 
database. . .notifying the user of the decision. . .if the user is denied access, prompting the user 
to complete a request for quick approval... retrieving, from the centralized database, an 
exception access rule including pre-established criteria... applying the exception access rule 
to the completed request for quick approval... automatically approving access based on the 
exception access rule." 

Kraenzel does not describe nor suggest a method for managing user profile 
information including "providing capabilities for a user to request access to information that 
the user currently does not have access to, tracking a status of the request using a tracking 
component coupled to the centralized interactive database, obtaining a decision from an 
owner of the data requested, if the decision is access approval, adding at least one of a rule 
and the user to the database, notifying the user of the decision, if the user is denied access, 
prompting the user to complete a request for quick approval, retrieving, from the centralized 
database, an exception access rule including pre-established criteria, applying the exception 
access rule to the completed request for quick approval, and automatically approving access 
based on the exception access rule. Specifically, Kraenzel does not describe nor suggest a 
method that includes tracking a status of the request using a tracking component coupled to 
the centralized interactive database, nor if the request for data access is approved, adding at 
least one of a rule and the user to the database. Moreover, Kraenzel does not describe nor 
suggest a method that includes if the user is denied access to the requested data, prompting 
the user to complete a request for quick approval, retrieving, from the centralized database, 
an exception access rule including pre-established criteria, applying the exception access rule 
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to the completed request for quick approval, and automatically approving access based on the 
exception access rule. Rather, in contrast to the present invention, Kraenzel describes at 
Column 4, lines 31-35, that "step 156 determines that the user's access privileges do not meet 
the minimum requirements set by a system administrator for that object(s), step 162 
determines whether the user has requested additional privileges from the system 
administrator ." Kraenzel further describes a system administrator as the object author or 
manager and that it is the system administrator that may change the level of access privileges 
assigned to particular users at any given time. Kraenzel also describes if additional privileges 
are granted by the system administrator, the level of access privileges assigned to the user is 
updated and the requested object may be retrieved and presented to the user. Accordingly, 
for at least the reasons set forth above, Claim 5 is submitted to be patentable over Kraenzel 

Claims 6-14 depend from independent Claim 5, which is submitted to be in condition 
for allowance. When the recitations of Claim s 6-14 are considered in combination with the 
recitations of Claim 5, Applicants submit that dependent Claims 6-14 are also patentable over 
Kraenzel. 

The rejection of Claim 15 under 35 U.S.C. § 103 as being unpatentable over Kraenzel 
(U.S. Pat. No. 6,513,039) in view of Stockwell (U.S. Pat No. 6,535879) is respectfully 
traversed. 

Kraenzel is described above. Stockwell describes a method of regulating data flow 
through a firewall such that an agent or application attempts assess through the firewall. To 
make an ACL check, the agent collects information about the nature of the connection. This 
information includes the source and destination IP address. The agent places this information 
into a query list. The query list contains all of the relevant information needed to make the 
ACL check. The agent then submits the query list to acid 60 and acid 60 searches for a rule 
that matches the query list and returns a reply list. The reply list includes either "allow" or 
"deny" to indicate if the connection should be accepted or rejected. Other values in the reply 
list are side effects that change the behavior of the agent. 

Claim 5 recites a method for managing user profile information, including managing 
access control to applications and data by implementing a level of security across the 
different applications that is the same for each application, using a web-based system that 
includes a server system coupled to a centralized interactive database and at least one client 
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system wherein the method includes "providing capabilities for a user to request access to 
information that the user currently does not have access to... tracking a status of the request 
using a tracking component coupled to the centralized interactive database... obtaining a 
decision from an owner of the data requested... if the decision is access approval, adding at 
least one of a rule and the user to the database. . .notifying the user of the decision. . .if the user 
is denied access, prompting the user to complete a request for quick approval... retrieving, 
from the centralized database, an exception access rule including pre-established 
criteria... applying the exception access rule to the completed request for quick 
approval. . .automatically approving access based on the exception access rule." 

Neither Kraenzel nor Stockwell, considered alone or in combination, describe or 
suggest a method for managing user profile information including "providing capabilities for 
a user to request access to information that the user currently does not have access to, 
tracking a status of the request using a tracking component coupled to the centralized 
interactive database, obtaining a decision from an owner of the data requested, if the decision 
is access approval, adding at least one of a rule and the user to the database, notifying the user 
of the decision, if the user is denied access, prompting the user to complete a request for 
quick approval, retrieving, from the centralized database, an exception access rule including 
pre-established criteria, applying the exception access rule to the completed request for quick 
approval, and automatically approving access based on the exception access rule. 

Specifically, neither Kraenzel nor Stockwell describe or suggest a method that 
includes tracking a status of the request using a tracking component coupled to the 
centralized interactive database, nor if the request for data access is approved, adding at least 
one of a rule and the user to the database. Moreover, neither Kraenzel nor Stockwell describe 
or suggest a method that includes if the user is denied access to the requested data, prompting 
the user to complete a request for quick approval, retrieving, from the centralized database, 
an exception access rule including pre-established criteria, applying the exception access rule 
to the completed request for quick approval, and automatically approving access based on the 
exception access rule. 

Rather, in contrast to the present invention, Kraenzel describes at Column 4, lines 31- 
35, that "step 156 determines that the user's access privileges do not meet the minimum 
requirements set by a system administrator for that object(s), step 162 determines whether the 
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user has requested additional privileges from the system administrator ." Kraenzel further 
describes a system administrator as the object author or manager and that it is the system 
administrator that may change the level of access privileges assigned to particular users at 
any given time. Kraenzel also describes if additional privileges are granted by the system 
administrator, the level of access privileges assigned to the user is updated and the requested 
object may be retrieved and presented to the user, and Stockwell describes a method of 
regulating data flow through a firewall such that an agent or application attempts assess 
through the firewall, but neither Kraenzel nor Stockwell, considered alone or in combination 
describes or suggests automatically approving access based on an exception access rule, 
having pre-established criteria, that is retrieved from a centralized database. Accordingly, 
Applicants respectfully submit that Claim 5 is patentable over Kraenzel in view of Stockwell. 

Notwithstanding the above, the rejection of Claim 15 under 35 U.S.C. § 103(a) as 
being unpatentable over Kraenzel in view of Stockwell is further traversed on the grounds 
that the Section 103 rejection of the presently pending claims is not a proper rejection. 
Obviousness cannot be established by merely suggesting that it would have been obvious to 
one of ordinary skill in the art to modify the method of Kraenzel by including a network in 
order to process the method for remote users. Specifically, as is well established, 
obviousness cannot be established by combining the teachings of the cited art to produce the 
claimed invention, absent some teaching, suggestion, or incentive supporting the 
combination. Rather, the present Section 103 rejection appears to be based on a combination 
of teachings selected from multiple patents in an attempt to arrive at the claimed invention. 
More specifically, Kraenzel is cited for its teaching of a method for generating a profile of a 
network user based on a user f s access privileges stored in an access control list, and Stockwell 
is merely cited for its teaching of a fire wall- to- firewall encryption system that includes a 
workstation communicating through a firewall to an unprotected network. Since there is no 
teaching nor suggestion in the cited art for the claimed combination, the Section 103 rejection 
appears to be based on a hindsight reconstruction in which isolated disclosures have been 
picked and chosen in an attempt to deprecate the present invention. Of course, such a 
combination is impermissible, and for this reason alone, Applicants respectfully request that 
the Section 103 rejection be withdrawn. 

Furthermore, in contrast to the assertion within the Office Action, Applicants 
respectfully submit that it would not be obvious to one skilled in the art to combine Kraenzel 
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with Stockwell because there is no motivation to combine the references suggested in the art. 
Rather, the Examiner has not pointed to any prior art that teaches or suggests to combine the 
disclosures, other than Applicants' own teaching. Only the conclusory statement "[i]t would 
have been obvious to one of ordinary skill in the art at the time the invention was made to 
modify the Kraenzel method by including a network in order to process the method for 
remote users," suggests combining the disclosures. 

As the Federal Circuit has recognized, obviousness is not established merely by 
combining references having different individual elements of pending claims. Ex parte 
Levengood, 28 U.S.P.Q.2d 1300 (Bd. Pat. App. & Inter. 1993). MPEP 2143.01. Rather, 
there must be some suggestion, outside of Applicants' disclosure, in the prior art to combine 
such references, and a reasonable expectation of success must be both found in the prior art, 
and not based on Applicants' disclosure. In re Vaeck, 20 U.S.P.Q.2d 1436 (Fed. Cir. 1991). 
In the present case, neither a suggestion nor motivation to combine the prior art disclosures, 
nor any reasonable expectation of success has been shown. 

For at least the reasons set forth above, Applicants respectfully request that the 
Section 103 rejection of Claim 15 be withdrawn. 

The rejection of Claim 16 under 35 U.S.C. § 103 as being unpatentable over Behera 
(U.S. Pat. No. 6,535,879) in view of Kraenzel (U.S. Pat. No. 6,513,039) is respectfully 
traversed. 

Applicants respectfully submit that neither Behera nor Kraenzel, considered alone or 
in combination, describe or suggest the claimed invention. As discussed below, neither 
Behera nor Kraenzel, considered alone or in combination, describe or suggest establishing 
pre-determined rules and methodology for user access, making a decision with reference to 
the user access after completing an evaluation based on the electronic profiles, pre- 
determined rules, and operating methodology in response to a request from the user for 
access and if the user is denied access, prompting the user to complete a request for quick 
approval wherein the request for quick approval is subjected to an internal exception access 
process, and quick approval is approved based on pre-established criteria. 

Behera and Kraenzel are described above. 
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Claim 16 recites a computer-implemented database configured to be protected 
from access by unauthorized individuals by managing user and data profiles by an 
administrator such that the database provides access to users based on pre-determined rules 
and criteria wherein the database includes... pre-established criteria data developed from 
access rules and criteria including at least one of Rule Based Access guidelines, Group Based 
Access guidelines, Search & Subscribe Utilities guidelines, Active Positioning Monitoring 
guidelines, Hard Exclusion Rules guidelines, and Access Audits guidelines... applications 
data including system administrator defined attributes that cross-references the applications 
profile data against unique identifiers.. .user data, that includes a user's organization and 
citizenship, that cross-references the users profile data against unique identifiers... pre- 
determined rules and methodologies data that facilitates accurate user access— decision 
making." 

Neither Behera nor Kraenzel, considered alone or in combination, describe or suggest 
a computer-implemented database that includes pre-established criteria data developed from 
access rules and criteria, applications data including system administrator defined attributes 
that cross-references the applications profile data against unique identifiers, user data, that 
includes a user's organization and citizenship, that cross-references the users profile data 
against unique identifiers, and pre-determined rules and methodologies data that facilitates 
accurate user access decision making. 

More specifically, neither Behera nor Kraenzel, considered alone or in combination, 
describe or suggest a database that includes, data corresponding to pre-established criteria 
developed from access rules and criteria, and data corresponding to users that cross- 
references the users data against unique identifiers. Rather, in contrast to the present 
invention, Behera describes a directory server that will merely match the desired attributes 
within the specified attribute fieldname with the user's attributes and will allow access to the 
directory entry only if the user has the desired attribute values, and Kraenzel describes at 
Column 4, lines 31-35, that "step 156 determines that the user's access privileges do not meet 
the minimum requirements set by a system administrator for that object(s), step 162 
determines whether the user has requested additional privileges from the system 
administrator ." Kraenzel further describes a system administrator as the object author or 
manager and that it is the system administrator that may change the level of access privileges 
assigned to particular users at any given time. Kraenzel also describes if additional privileges 
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are granted by the system administrator, the level of access privileges assigned to the user is 
updated and the requested object may be retrieved and presented to the user 

Notwithstanding the above, the rejection of Claim 16 under 35 U.S.C. § 103(a) as 
being unpatentable over Behera in view of Kraenzel is further traversed on the grounds that 
the Section 103 rejection of the presently pending claims is not a proper rejection. 
Obviousness cannot be established by merely suggesting that it would have been obvious to 
one of ordinary skill in the art to modify the Behera technique by using the method of access 
as taught by Kraenzel in order to process an access request of a user. More specifically, as is 
well established, obviousness cannot be established by combining the teachings of the cited 
art to produce the claimed invention, absent some teaching, suggestion, or incentive 
supporting the combination. Rather, the present Section 103 rejection appears to be based on 
a combination of teachings selected from multiple patents in an attempt to arrive at the 
claimed invention. Specifically, Behera is cited for its teaching of a LDAP as a database 
configured to be protected from access by using ACL. Kraenzel is cited for its teaching of a 
method for generating a profile of a network user based on a user's access privileges stored in 
an ACL. Since there is no teaching nor suggestion in the cited art for the claimed 
combination, the Section 103 rejection appears to be based on a hindsight reconstruction in 
which isolated disclosures have been picked and chosen in an attempt to deprecate the present 
invention. Of course, such a combination is impermissible, and for this reason alone, 
Applicants respectfully request that the Section 103 rejection be withdrawn. 

Further, Behera and Kraenzel both describe modifying an ACL to update access 
privileges, Behera describes using user attributes matched against desired attributes and 
Kraenzel describes using a user affinity determined by a user affinity object. There appears 
to be no motivation to combine Behera and Kraenzel because the combination makes either 
or both of the methods inoperable. Accordingly, no reasonable likelihood of success has 
been shown. 

Furthermore, in contrast to the assertion within the Office Action, Applicants 
respectfully submit that it would not be obvious to one skilled in the art to combine Kraenzel 
with Behera because there is no motivation to combine the references suggested in the art. 
Rather, the Examiner has not pointed to any prior art that teaches or suggests to combine the 
disclosures, other than Applicants' own teaching. Only the conclusory statement "[i]t would 
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have been obvious to one of ordinary skill in the art to modify the Behera technique by using 
the method of access as taught by Kraenzel in order to process an access request of a user," 
suggests combining the features. 

As the Federal Circuit has recognized, obviousness is not established merely by 
combining references having different individual elements of pending claims. Ex parte 
Levengood, 28 U.S.P.Q.2d 1300 (Bd. Pat App. & Inter. 1993). MPEP 2143.01. Rather, 
there must be some suggestion, outside of Applicants' disclosure, in the prior art to combine 
such references, and a reasonable expectation of success must be both found in the prior art, 
and not based on Applicants' disclosure. In re Vaeck , 20 U.S.P.Q.2d 1436 (Fed. Cir. 1991). 
In the present case, neither a suggestion or motivation to combine the prior art disclosures, 
nor any reasonable expectation of success has been shown. 

For at least the reasons set forth above, Applicants respectfully request that the 
Section 103 rejection of Claim 16 be withdrawn. 

In view of the foregoing amendments and remarks, all the claims now active in this 
application are believed to be in condition for allowance. Reconsideration and favorable 
action is respectfully solicited. 



Respectfully submitted, 




William J. Zychlewicz 
Reg. No. 51,366 
Armstrong Teasdale LLP 
One Metropolitan Square, Suite 2600 
St. Louis, MO 63012 
(314) 621-5070 
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